The details of any computer system can be overwhelming when trying to think about the system abstractly and conceptually. The number of files, database tables, and other objects makes it difficult for even the most diligent user to keep track of them all. Further, new objects are continuously being created on the system that a user does not know about. On complex systems, objects may be created by many users making the problem greater for system administrators that may need to work with large volumes of objects created by many different users. Classification of objects on a computer may help to alleviate some of the problems. For example, being able to classify objects and then group those objects by the class assists an administrator in performing general tasks such as backing up or archiving data. System security may be another application where being able to classify objects would assist the administrator. Access levels could be set based on classification with relative ease and with confidence that objects haven't been missed.
Computer security of financial data has become more important since the passage of the Sarbanes-Oxley Act. Chief information officers are now responsible for the security, accuracy and the reliability of the systems that manage and report financial data. Financial accounting and Enterprise Resource Planning systems are integrated in the initiating, authorizing, processing, and reporting of financial data and therefore need to be assessed for compliance with the Sarbanes-Oxley Act. So, although the Act places responsibility in corporate financial reporting on the chief executive officer (CEO) and chief financial officer (CFO), the chief information officer (CIO) also plays a significant role in ensuring that adequate controls are in place.
A key area of risk being scrutinized is the use of uncontrolled spreadsheets affecting regulatory reporting, P&L reporting or general ledger entries. Reducing the risk of errors in critical financial spreadsheets requires a spreadsheet inventory, risk assessment, remediation, and the deployment of a controlled environment that incorporates version control, access control, security and data integrity, change control, input control, documentation, archival and backup, and overall analytics.
This presents a problem when the administrator has to make decisions about the computer system at a policy level. For example, an administrator may wish to deny access to accounting data to any person who is not in the accounting department. It is difficult, however, to create a list of the objects that contain accounting data or to be sure the list is complete. An administrator may secure ninety-five percent of the objects but miss some because he or she was unaware the objects held accounting data. This particular problem may be more apparent on systems running large third party applications, which may not document which types of information are stored where.
The problem is also apparent in other aspects of maintaining a computer system. A similar problem exists when trying to back up certain types of information or make other types of information highly available. A company policy that specifies all customer order data be backed up nightly would be much easier to implement and take up less storage space if the administrator could be sure that he/she knew exactly which files contained the order data. Likewise, data archival of completed projects would pose similar problems for the administrator.
Classifying objects by format is a straightforward method utilizing file extensions, which already classify object types. Problems arise in this method when file extensions are common between unrelated applications. A better approach would be to classify objects based on their content rather than their type or format. However, there often is no easy way to classify objects on a system based on their content except to examine each one individually. Manual classification is often not a feasible method with modern computer systems having thousands or even millions of objects that the administrator would have to examine individually. Improperly classified or missed objects may lead to security issues if the classifications are being used to implement a security policy.
Therefore there is a need in the art to classify objects on a computer system without having to manually inspect each object.